API Reference

Automate intelligence ingestion across your operational grid.

Authentication

Programmatic REST access is strictly limited to authenticated Enterprise environments. Requests must include an active API token in the authorization header.

Authorization: Bearer tp_live_xxxxxxxxxxxxxxxxx

Real-Time Webhooks (Zero-Touch)

Push Architecture

The fastest ingestion path. The ThreatPulse engine pushes JSON payloads directly to your PagerDuty (Events API v2), Jira Cloud, SIEM, or Slack/Discord endpoints within 300ms of a standard deviation anomaly trigger.

Example Enterprise Payload
{
  "timestamp": "2026-06-25T14:32:01Z",
  "radar_node": "Dark Web Malware DB",
  "severity_metric": {
    "z_score": 3.42,
    "volume_spike_pct": 185.4,
    "statistical_threshold_met": true
  },
  "llm_analysis": {
    "threat_summary": "Extracted indicators show emerging zero-day distribution...",
    "mitre_tags": ["Zero-Day", "Credential Leak"],
    "targets": ["Aviation", "Energy"]
  },
  "routing": {
    "pagerduty_routing_key": "YOUR_INTEGRATION_KEY",
    "jira_project_key": "SEC-OPS"
  }
}

Historical Data REST API

Enterprise Only

Query the analytical datastore for historical trends, specific adversary nodes, or brand-specific vulnerabilities.

GET /v1/intel/anomalies

Fetch paginated threat anomalies. Required query parameters:

  • ?limit= (integer, max 100)
  • ?min_z_score= (float, e.g., 2.0)
  • ?target_keyword= (string, e.g., "Microsoft")